The security tool your developer just installed may have already stolen your cloud keys.
The security tool your developer just installed may have already stolen your cloud keys.
Red Hat’s official npm namespace was compromised on June 1. Thirty-two packages under @redhat-cloud-services â collectively downloaded ~80,000 times per week â contained a preinstall script that ran before a single line of application code executed. By the time the package finished installing, it had already swept the machine for GitHub tokens, AWS and Azure credentials, Kubernetes secrets, SSH keys, and environment files.
What happened: a Red Hat employee’s GitHub account was compromised â infostealer logs show the credentials were already floating in dark web markets since April 13. The attacker used the account to push malicious orphan commits to official Red Hat repositories, bypassing code review. The campaign is dubbed Miasma: The Spreading Blight, a new variant of the Mini Shai-Hulud malware family.
Here’s the uncomfortable part: uninstalling the package is not sufficient cleanup. The malware injects persistence into AI coding assistant session hooks and IDE task files, meaning it re-executes automatically every time a developer opens a project. It also includes a destructive failsafe â if the victim revokes a stolen GitHub token before removing persistence, it runs a full home directory wipe.
This is the 10th confirmed supply chain attack on developer ecosystems since January 2026. And the attribution picture just got worse: TeamPCP open-sourced the attack tools under an MIT license in May. Miasma may be a copycat. Multiple actors are now running the same playbook.
If you run Red Hat cloud services in your environment, treat this as an active incident.
Three things to do now: Audit installations of @redhat-cloud-services packages from May 29 onward and isolate affected hosts immediately. Rotate all GitHub tokens, AWS/Azure/GCP keys, Kubernetes secrets, and SSH keys on any machine that ran a flagged package â not just the CI/CD runner. Search for persistence artifacts in AI assistant settings, IDE task files, and CI/CD workflow configs. Package removal does not remove these.
Links for a deeper technical dive are in the comments.
For those who want a deeper dive into this topic:
